<?php
	/**
	 *	Copyright (c) TeamFlamingo And gray 2004-2009
	 *	www.me-live.com.cn / www.i-gray.cn
	 *
	 *	[ WARNING ]
	 *		This is NOT a freeware!
	 *		You MUST get author's authorization before using it!
	 *	[ WARNING ]
	 *
	 *	Name : register.php / Development Code Evolve
	 *	Created / Modify : -- / 2010-3-23
	 */

	//	[CH]	这里判断一下是否有hash值传递过来
	if( !isset( $_POST['hash'] ) || empty( $_POST['hash'] ) || trim( $_POST['hash'] ) == '' || preg_match( "/\W+/i", $_POST['hash'] ) )
	{
		Header( "HTTP/1.0 404 Not Found" );
		exit;
	}

	$hash	=	trim( $_POST['hash'] );

	include	'../init.php';

	if( !extension_loaded( 'memcache' ) )
	{
		$prefix = PHP_SHLIB_SUFFIX == 'dll' ? 'php_' : '';
		if( function_exists( 'dl' ) && @dl( "{$prefix}memcache." . PHP_SHLIB_SUFFIX ) )
			define( 'MEMCACHED_MODULE_LOADED', true );
		else
			define( 'MEMCACHED_MODULE_LOADED', false );
	}
	else
	{
		define( 'MEMCACHED_MODULE_LOADED', true );
	}

	include	ME_CORE . '/memcached.lib.php';
	include	ME_CORE . '/database.lib.php';
	include	ME_CORE . '/common.h.php';

	//	[CH]	判断用户是否已经登录
	isUserLogin();
	if( $_SESSION['auth'] )
	{
		echo	'Err[3]';
		return;
	}

	function	doRegister( $args )
	{
		global	$db;

		$query	=	$db->query( "INSERT INTO `mdk_users` ( `uid`, `username`, `password`, `email` ) VALUES ( NULL, '{$args['username']}', '{$args['password']}', '{$args['email']}');" );

		mysql_close();

		if( !$query )
			echo	'Err[5]|<span>注册失败</span>';
		else
		{
			$_SESSION['UID']		=	mysql_insert_id();
			$_SESSION['email']		=	$args['email'];
			$_SESSION['username']	=	$args['username'];
			$_SESSION['password']	=	$args['password'];
			$_SESSION['loginIp']	=	getUserIp();
			$_SESSION['loginTime']	=	time();
			$_SESSION['auth']		=	TRUE;

			//	[CH]	重建Session并将该ID设为Memcached的Key
			session_regenerate_id();
			$key	=	session_id();

			unset( $_POST, $args );
			//	[CH]	将Session数据写入Memcached
			//	[CH]	直接写入总感觉有点危险
			//$db->MC->add( $key, $_SESSION, ME_TIME_OUT );
			echo	'Err[4]|注册成功！请<span>点击这里</span>或等待[<b>5</b>]秒钟后页面自动刷新';
		}
	}

	/**
	 *	这里定义了几个返回值
	 *	Err[0]	表示没有错误发生
	 *	Err[1]	表示输入错误[相关信息已经存在]
	 *	Err[2]	非法格式
	 *	Err[3]	未知错误
	 */
	switch	( $hash )
	{
		case	getMeHash( 'email' )	:
			$email	=	trim( $_POST['v'] );
			if( isEmail( $email ) )
				echo	dataExists( 'email', $email, 'mdk_users' );
			else
				echo	'Err[2]';		//	[CH]	格式非法
		break;

		case	getMeHash( 'username' )	:
			$username	=	trim( $_POST['v'] );
			if( isUsername( $username ) )
				echo	dataExists( 'username', $username, 'mdk_users' );
			else
				echo	'Err[2]';
		break;

		case	getMeHash( 'authcode' )	:
			$authcode	=	trim( $_POST['v'] );
			if( isNumber( $authcode ) )
				if( isset( $_SESSION['authcode'] ) && $authcode == $_SESSION['authcode'] )
					echo	'Err[0]';	//	[CH]	验证码正确
				else
					echo	'Err[1]';	//	[CH]	验证码错误
			else
				echo	'Err[2]';
		break;

		case	getMeHash( 'do-register' )	:
			$args	=	array();
			//	[CH]	过滤post数据
			$args['email']	=	strip_tags( trim( $_POST['email'] ) );
			$args['username']	=	strip_tags( trim( $_POST['username'] ) );
			$args['password']	=	strip_tags( trim( $_POST['password'] ) );
			$args['password2']	=	strip_tags( trim( $_POST['password2'] ) );
			$args['authcode']	=	strip_tags( trim( $_POST['authcode'] ) );

			/**
			 *	这里只面向可能的sql注入进行返回
			 *	返回信息相对简单一些
			 *	一些普通用户通常是没有办法绕过前端验证的
			 */
			if( !isEmail( $args['email'] ) || dataExists( 'email', $args['email'], 'mdk_users' ) == 'Err[1]' )
				echo	'Err[0]|<span>邮件格式非法或数据已经存在</span>';
			elseif( !isUsername( $args['username'] ) || dataExists( 'username', $args['username'], 'mdk_users' ) == 'Err[1]' )
				echo	'Err[1]|<span>用户名格式非法或数据已经存在</span>';
			elseif( $args['password'] !== $args['password2'] )
				echo	'Err[2]|<span>两次输入的密码不同</span>';
			elseif( !isset( $_SESSION ) || $args['authcode'] != $_SESSION['authcode'] )
				echo	'Err[3]|<span>外部提交或验证码错误</span>';
			else
				echo	doRegister( $args );	//	[CH]	提交注册
		break;

		default	:
			echo	'Err[3]';
	}
?>